Get Started

Privacy Policy

Trusti Security (“us”, “we”, or “our”) operates the https://trustiwp.com website and the Trusti Security WordPress plugin (collectively, the “Service”).

This page informs you of our policies regarding the collection, use, and disclosure of data when you use our Service. By using the Service, you agree to the practices described in this policy. Unless otherwise defined here, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

DEFINITIONS

Personal Data – Data about a living individual who can be identified from that data.

Usage Data – Data collected automatically, either generated by your use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies – Small pieces of data stored on your device by your browser.

Data Controller – The entity that determines the purposes and means of processing personal data. For the purposes of this Privacy Policy, we are a Data Controller only in respect of data that reaches us directly, as described below.

Data Processor (or Service Provider) – A third party that processes data on behalf of the Data Controller. Several functions of our Service are handled entirely by third-party processors, as described in the Service Providers section.

User – The individual using our Service.

WHAT DATA WE COLLECT – AND WHAT WE DON’T

Trusti Security does not directly collect or store personal data such as names, email addresses, payment card details, or billing information from visitors to this website. We do not operate user accounts or a login system on trustiwp.com.

All purchase transactions, license management, and the personal data associated with them (name, email address, payment details, site URL, license keys) are handled entirely and exclusively by our authorized reseller and payment processor, Freemius Inc. Trusti Security does not receive or store this data directly. For full details on how Freemius handles your personal data, please review their Privacy Policy at https://freemius.com/privacy/.

Usage Data

We use Google Analytics to collect anonymized data about how visitors use our website. This may include your IP address (anonymized), browser type, browser version, the pages you visit, the time and date of your visit, time spent on pages, and other diagnostic data. This data is used solely to understand and improve our website. For more information, see the Service Providers section below.

Cookies

Our website may set standard WordPress cookies required for the basic functioning of the site (for example, session and security cookies). These cookies do not contain personally identifiable information and are not used for tracking or advertising purposes beyond what is described in this policy.

You can instruct your browser to refuse all cookies or to notify you when a cookie is being sent. Note that disabling cookies may affect the functionality of some parts of the Service.

Newsletter

We may in the future offer an opt-in newsletter. If you choose to subscribe, your email address will be processed by Freemius, our email service provider. Subscription is entirely voluntary and you may unsubscribe at any time via the link included in every email. We will not use your email address for any purpose other than sending the communications you opted into.

USE OF DATA

The limited data we collect is used for the following purposes:

  • To monitor and analyze website traffic and improve the Service (Google Analytics)
  • To ensure basic website functionality (WordPress session and security cookies)
  • To send newsletters or product updates to users who have explicitly opted in
  • To detect, prevent, and address technical issues

RETENTION OF DATA

Analytics data collected via Google Analytics is retained in accordance with Google’s data retention policies. Newsletter subscriber data is retained until you unsubscribe. We do not retain personal purchase or payment data as this is managed entirely by Freemius.

DISCLOSURE OF DATA

Business Transaction

If Trusti Security is involved in a merger, acquisition, or asset sale, any data in our possession may be transferred. We will provide notice before any such transfer takes place.

Legal Requirements

Trusti Security may disclose data in the good faith belief that such action is necessary to: comply with a legal obligation; protect and defend the rights or property of Trusti Security; prevent or investigate possible wrongdoing in connection with the Service; protect the personal safety of users of the Service or the public; or protect against legal liability.

SECURITY OF DATA

The security of your data is important to us. While we strive to use commercially acceptable means to protect any data in our possession, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

YOUR RIGHTS

Since Trusti Security does not directly store personal data such as your name, email address, or payment information, requests to access, correct, or delete purchase-related personal data should be directed to Freemius Inc. at https://freemius.com/privacy/.

For any data that Trusti Security may hold directly (such as a newsletter subscription), you have the right to access, rectify, or request deletion of that data. To exercise these rights, please visit our Contact page.

GDPR – EUROPEAN DATA SUBJECTS

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. As noted above, the majority of personal data associated with your use of the Service is processed by Freemius, and you should contact them directly for GDPR-related requests concerning purchase or account data. For any data held directly by Trusti Security, please contact us via our Contact page.

CALIFORNIA RESIDENT SPECIFIC RIGHTS

Under the California Consumer Privacy Act (CCPA), California residents have rights regarding the collection and use of their personal information. As Trusti Security does not directly collect personal information such as names, payment details, or account data, most CCPA requests relating to purchase data should be directed to Freemius Inc. For any data held directly by Trusti Security, please contact us via our Contact page.

TRUSTI RADAR BROWSER EXTENSION – DATA PRACTICES

Trusti Radar is a browser extension that performs security scans of WordPress websites directly from your browser. This section describes exactly what data is transmitted when you use the extension, and to whom.

No Data Collected by Trusti Security

Trusti Security does not collect, receive, store, or process any data from the Trusti Radar extension. The extension does not send any information to Trusti Security servers. All scan data, site lists, results, and settings are stored locally in your browser using Chrome’s built-in extension storage and remain exclusively on your device.

Data Transmitted During a Scan

When you initiate a scan, the extension makes direct HTTP requests from your browser to the following external destinations. No data from any of these requests is forwarded to Trusti Security.

The scanned website itself – The extension requests several publicly accessible URLs on the target site, including the homepage, WordPress REST API endpoints, wp-login.php, xmlrpc.php, the RSS feed, readme.html, license.txt, and wp-content directories. These are standard HTTP requests made directly from your browser to the target server.

wpvulnerability.net – The extension queries this public vulnerability database to check whether the detected versions of WordPress core, PHP, installed plugins, and themes have known security vulnerabilities. The queries include version numbers and plugin or theme slugs. No personally identifiable information is included.

hstspreload.org – The extension queries the HSTS Preload API to check whether the scanned domain has been submitted to the browser HSTS preload list. Only the domain name of the scanned site is included in this query.

crt.sh – The extension queries the crt.sh certificate transparency log database to check for the presence and validity of an SSL/TLS certificate for the scanned domain. Only the domain name is included in this query.

dns.google – The extension uses Google’s DNS over HTTPS API to perform DNS lookups required for several checks: CAA records, DNSSEC status, SPF records, and spam blacklist (DNSBL) queries. Only the queried domain name and record type are included in each request. Spam blacklist checks are performed entirely through DNS queries via this service – the spam blacklist operators’ websites are not contacted directly by the extension.

api.hackertarget.com – The extension queries HackerTarget’s reverse IP lookup API to check how many other websites share the same server IP address as the scanned domain. Only the resolved IP address of the scanned site is sent in this query.

No Tracking or Analytics

The Trusti Radar extension does not include any analytics, telemetry, crash reporting, or tracking code. No usage data of any kind is collected or transmitted to Trusti Security or any other party through the extension.

Local Storage

The extension stores your site list, scan results, settings, and ownership verification tokens in Chrome’s local extension storage. This data is stored exclusively on your device and is not synced to any external server by the extension. Uninstalling the extension removes this data from your device.

SERVICE PROVIDERS

We use the following third-party service providers in connection with the Service. Each is bound by their own privacy policy and data processing terms.

Payments and Licensing

Freemius Inc. is our authorized reseller and payment processor. All purchase transactions, license management, and associated personal data (name, email, payment card details, site URL, license information) are handled directly and exclusively by Freemius. Trusti Security does not receive or store this data. Privacy Policy: https://freemius.com/privacy/

Analytics

Google Analytics – We use Google Analytics to analyze website traffic. Google Analytics collects anonymized usage data including IP addresses, browser information, and page visit data. You can opt out by installing the Google Analytics Opt-out Browser Add-on. Google’s Privacy Policy: https://policies.google.com/privacy

LINKS TO OTHER SITES

Our Service may contain links to third-party websites not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites. We strongly advise you to review the Privacy Policy of every site you visit.

CHILDREN’S PRIVACY

Our Service is not directed to anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you believe a child has provided us with personal data, please contact us via our Contact page and we will take steps to remove that information.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the updated policy on this page and updating the “Last Updated” date. You are advised to review this page periodically. Changes are effective when posted.

CONTACT

If you have any questions about this Privacy Policy, please visit our Contact page.